CVE-2018-17493

eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Fullscreen button. By visiting the kiosk and clicking the full screen button in the bottom right, an attacker could exploit this vulnerability to close the program and launch other...

Design/Logic Flaw

eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error while in kiosk mode. By visiting the kiosk and typing ctrl+shift+esc, an attacker could exploit this vulnerability to open the task manager to kill the process or launch new processes on the...

Code injection

eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Virtual Keyboard Start Menu. By visiting the kiosk and pressing windows key twice, an attacker could exploit this vulnerability to close the program and launch other processes on the...

eVisitorPass Elevation of Privilege Vulnerability

Threshold eVisitorPass is a visitor management system from Threshold Canada. A privilege-lifting vulnerability exists in Threshold eVisitorPass version 1.5.5.2. A local attacker could use this vulnerability to open the task manager, terminate processes, or start other processes...

CVE-2018-17493

eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Fullscreen button. By visiting the kiosk and clicking the full screen button in the bottom right, an attacker could exploit this vulnerability to close the program and launch other...

Node.js third-party modules: [listening-processes] Command Injection

I would like to report Command Injection in listening-processes It allows an attacker to execute arbitrary commands. Module module name: listening-processes version: 1.2.0 npm page: https://www.npmjs.com/package/listening-processes Module Description A simple NPM module for retrieving pertinent...

Webmin 1.900 Upload Authenticated Remote Command Execution Exploit

This Metasploit module exploits an arbitrary command execution vulnerability in Webmin 1.900 and lower versions. Any user authorized to the "Upload and Download" module can execute arbitrary commands with root privileges. In addition, if the Running Processes proc privilege is set the user can...

Webmin Upload Authenticated RCE

This module exploits an arbitrary command execution vulnerability in Webmin 1.900 and lower versions. Any user authorized to the "Upload and Download" module can execute arbitrary commands with root privileges. In addition, if the 'Running Processes' proc privilege is set the user can accurately...

GLSA-201903-10 : OpenSSL: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201903-10 OpenSSL: Multiple vulnerabilities Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details. Impact : A remote attacker to obtain sensitive information, caus...

openSUSE Security Update : gdm (openSUSE-2019-310)

This update for gdm fixes the following issues : Security issue fixed : - CVE-2019-3825: Fixed a lock screen bypass when timed login was enabled bsc1124628. Other issues fixed : - GLX applications do not work well when the proprietary nvidia driver is used with a wayland session. Because of that...

Security update for gdm (moderate)

openSUSE Security Update: Security update for gdm Announcement ID: openSUSE-SU-2019:0310-1 Rating: moderate References: 1112294 1112578 1113245 1113700 1120307 1124628 Cross-References: CVE-2019-3825 Affected Products: openSUSE Leap 15.0 An update that solves one vulnerability and has 5 fixes is...

openSUSE Security Update : supportutils (openSUSE-2019-293)

This update for supportutils fixes the following issues : Security issues fixed : - CVE-2018-19640: Fixed an issue where users could kill arbitrary processes bsc1118463. - CVE-2018-19638: Fixed an issue where users could overwrite arbitrary log files bsc1118460. - CVE-2018-19639: Fixed a code...

openSUSE: Security Advisory for supportutils (openSUSE-SU-2019:0293-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVE-2018-19640

If the attacker manages to create files in the directory used to collect log files in supportutils before version 3.1-5.7.1 e.g. with CVE-2018-19638 he can kill arbitrary processes on the local machine...

CVE-2018-19640

If the attacker manages to create files in the directory used to collect log files in supportutils before version 3.1-5.7.1 e.g. with CVE-2018-19638 he can kill arbitrary processes on the local machine...

Memory corruption

A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may cause unexpected changes in memory shared between processes...

CVE-2018-19640 Code execution if run with command line switch -v

If the attacker manages to create files in the directory used to collect log files in supportutils before version 3.1-5.7.1 e.g. with CVE-2018-19638 he can kill arbitrary processes on the local machine...

CVE-2018-19640

CVE-2018-19640 affects the OpenSUSE/openSUSE/SUSE openSUSE hostinfo and supportutils up to versions before 3.1-5.7.1. The issue allows an attacker who can create files in the log-collection directory to kill arbitrary processes on the local machine. Root cause cited: manipulation of the log direc...

Usermin 1.750 - Remote Command Execution Exploit

Exploit for linux platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class MetasploitModule 'Usermin 1.750 - Remote Command Execution', 'Description' ...

SUSE Supportutils Input Validation Error Vulnerability

SUSE Supportutils is a collection of utility programs used in SUSE Linux systems from SUSE Germany. The product has the ability to collect system troubleshooting information, read and interpret the basic-health-check.txt file, and perform a brief analysis of the kernel core files. An input...